New in Simple DNS Plus v. 3.xx

Version 3.60

TSIG authenticated dynamic DNS updates
Dynamic DNS updates can now be authenticated using transaction signatures (TSIG).
This is a method of cryptographically signing the update data with a key name / value pair (similar to a user name / password pair).
The key name identifies the client to the DNS server, and the key value is a shared secret known only by this client and the DNS server.

This is especially useful when accepting dynamic updates from across the Internet, where the originating IP address may not be known beforehand (dynamic IP) and does not guarantee the identity of the sender (IP spoofing).

Various dynamic IP updater applications can be used with this, for example DynSite or DirectUpdate.
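
The signing and verification described above, as an added example that is not Simple DNS Plus code and not from the original page: it computes the RFC 2845 TSIG MAC over a minimal dynamic update and checks it on the server side without looking at the sender's IP address. The key name, secret, host names and addresses are constructed, and hmac-sha256 and the 300-second fudge are assumptions, since the page does not name the algorithm.

```python
import hashlib
import hmac
import socket
import struct

ALGORITHM = "hmac-sha256"  # assumption: the page does not name the TSIG algorithm
FUDGE = 300  # assumed allowed clock skew in seconds
# Constructed key table (key name -> shared secret), as the server would hold it.
KEYS = {"client1.example.com": b"constructed-shared-secret"}


def wire_name(name: str) -> bytes:
    """Encode a domain name in canonical (lower-case) DNS wire format."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_update(zone: str, host: str, ipv4: str, msg_id: int = 0x1234) -> bytes:
    """Minimal RFC 2136 UPDATE message that adds one A record for host."""
    header = struct.pack("!6H", msg_id, 0x2800, 1, 0, 1, 0)  # opcode 5 = UPDATE
    zone_section = wire_name(zone) + struct.pack("!HH", 6, 1)  # type SOA, class IN
    record = wire_name(host) + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ipv4)
    return header + zone_section + record


def tsig_mac(message: bytes, key_name: str, secret: bytes, time_signed: int) -> bytes:
    """HMAC over the unsigned message followed by the TSIG variables (RFC 2845)."""
    variables = (
        wire_name(key_name)
        + struct.pack("!HI", 255, 0)  # class ANY, TTL 0
        + wire_name(ALGORITHM)
        + struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, FUDGE)
        + struct.pack("!HH", 0, 0)  # error code, other-data length
    )
    return hmac.new(secret, message + variables, hashlib.sha256).digest()


def verify_update(message, key_name, time_signed, mac, keys, now) -> bool:
    """Server side: accept only a known key name, a valid MAC and a fresh timestamp."""
    secret = keys.get(key_name.rstrip(".").lower())
    if secret is None:
        return False  # unknown key name (TSIG error BADKEY)
    expected = tsig_mac(message, key_name, secret, time_signed)
    if not hmac.compare_digest(expected, mac):
        return False  # wrong secret or modified update (BADSIG)
    return abs(now - time_signed) <= FUDGE  # stale or replayed update (BADTIME)
```

Because the signed time is part of the MAC input, a captured update cannot be replayed with a fresh timestamp, and one replayed unchanged is rejected once it falls outside the fudge window.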

Domain specific DNS forwarding
You can now use forwarding to different DNS servers for different domain names.
You can use this for example if you wish to be able to resolve both Internet domain names as well as a private domain name hosted on another DNS server.

(See Options dialog / DNS Requests tab)

Extended DNS forwarding
Standard DNS forwarding is only performed for recursive DNS requests (outgoing requests from local users).
However Simple DNS Plus now has a unique "extended forwarding" option, which causes non-recursive requests (incoming requests from the Internet) for the specified domain to be forwarded.
There are several scenarios in which this is beneficial - for example:
- You are hosting part of your DNS data on a separate DNS server, but you only have one public IP address available for hosting DNS.
- You are hosting some or all of your DNS data on a separate specialized DNS server (for example an RBL list server) which requires a lot of resources (for example serving data from a database), and you want to offload this by having Simple DNS Plus sit in front of it caching the data, thereby causing fewer requests to hit the specialized DNS server.
- You are hosting some or all of your DNS data on a separate DNS server which you don't want to expose directly to the Internet (for example if you have to use some other DNS software with known vulnerabilities). Simple DNS Plus will only forward standard DNS requests, only for the specified domain name, and it automatically filters out most malformed data.

In all 3 scenarios, you can set up Simple DNS Plus on a computer with both a private IP address and a public IP address (or with a public IP address NAT mapped to it), set up the other DNS server on a private IP address only, and configure Simple DNS Plus to use extended forwarding for domains hosted on the other DNS server.

(See Options dialog / DNS Requests tab)

"Stealth DNS" security option
A hacker may use a software utility known as a "port scanner" to search for potential targets. This software sends dummy requests to a range of IP addresses on different service ports simply to register which addresses/ports respond.
Any addresses/ports that responded will then be probed further for possible vulnerabilities.
Simple DNS Plus now has a special "stealth" option which makes it invisible to such port scanners, by not responding to a DNS request unless it is for data in local zones or originates from a client offered recursion.

(See Options dialog / DNS Security tab)

Miscellaneous
Many areas of the algorithms for processing DNS requests have been further optimized. For example, duplicate DNS requests (a client resending a request while the server is still working on the original request) are now recognized and ignored.

Version 3.50

Separation of DNS engine and GUI = Access via Terminal Services
Simple DNS Plus runs on a lot of Windows 2000 servers, and a lot of these servers are being administered remotely via Windows Terminal Services (a.k.a. "Remote Desktop"). The problem is that when you connect to a remote Windows 2000 Server using Terminal Services, you are accessing a new "user session" rather than the "console session". When run as a Windows Service (a.k.a. NT-service), Simple DNS Plus (and its tray icon) "lived" in the console session, and was therefore not directly accessible through the Terminal Services session. Workarounds for this were described on our website, but were not exactly convenient or intuitive.
Separating the DNS engine (the service part) from the user interface solves this and other issues - including conflicts with both Office 2000 and ZoneAlarm which led to some annoyance for many users.

NXDOMAIN Redirect
Typically when you open a non-existing domain name in a web-browser, you either get an error page, or you are redirected to some search web-site controlled by the web-browser company (or DNS registry).
This of course happens all the time because of misspellings and bad links on web-sites.
Now you can take advantage of those failed requests (from any client configured to use your DNS server) by redirecting them to your web-server instead of giving this traffic to the browser companies.
This new option redirects all recursive DNS requests for non-existing domain names to a server IP address which you control.
This gives you a unique opportunity to present your own custom search page, a domain sale offer, a marketing message, an intranet site, or anything else you can think of.
Note: Only requests which are for domain names confirmed non-existing (NXDOMAIN) will be redirected - not any other error type conditions.
The new option is available in the Options dialog / DNS Records tab.

Error/Warning event notification
On a busy Simple DNS Plus server, it can be easy to miss important events in the logs.
There is now a new option (enabled by default) to write all errors and warnings to the Windows Event Log, which means that you can also use Windows tools such as “eventtriggers.exe” to trap events from Simple DNS Plus.

New log file options
Many users have asked for more options to control log files.
One problem is that Simple DNS Plus can generate some really big log files in no time, which can quickly fill up even moderately sized hard drives.
We’ve added options to generate log files per hour, day, or month - and these can now be recycled every day, month, or year (overwriting the oldest file first).
These new options are available from the Options dialog / Logging tab.

Support for LOC-records
A LOC-record describes the global position and size of a host, network, subnet, or any other entity.
This DNS record type is still considered experimental, but with GPS devices now being offered as standard equipment in many automobiles, it might be time to add latitude and longitude to your DNS setup so you can find your way home…
Some interesting and practical information about LOC-records is available at http://www.ckdhr.com/dns-loc/
To add a LOC-record, click the "Records" button, right-click a zone and select "Other new record...", select "LOC"...

Support for NAPTR-records
NAPTR-records are used to store rules used by DDDS (Dynamic Delegation Discovery System) applications.
One example is "ENUM" which allows an end user to type a telephone number into e.g. a web browser and access a listing of Internet resources (URI) for that number, such as addresses for IP telephony, e-mail or Web sites.
For more on "ENUM", please see http://www.ripe.net/enum or http://enum.nic.at/
To add a NAPTR-record, click the "Records" button, right-click a zone and select "Other new record...", select "NAPTR"...

New security option - Maximum number of inbound TCP connections
A hacker may try to open a lot of TCP connections to exhaust server resources.
To prevent this, the maximum number of inbound TCP connections can now be set in Simple DNS Plus (the default is 100). After this number of connections has been reached, additional connection attempts are logged and rejected.
These options are available in the Options dialog / Security tab.

Interoperability
It is now possible to use the automatic Master/Slave zone synchronization function (added in version 3.20) with other DNS server software.
No other DNS server software has this functionality built-in, and it is still much easier to use with Simple DNS Plus on both the master and slave server.
But now it is possible to manually “fake” a “_masterlist” zone on any standard DNS server, and have a Simple DNS Plus slave server synchronize with that.
Another new option can prevent Simple DNS Plus from requesting “incremental zone transfers” (IXFR) from other DNS servers.
IXFR is more efficient than the “full zone transfer” (AXFR) alternative, but some DNS server software packages do not support IXFR.
So if you are using another brand of software which doesn’t understand IXFR as your primary DNS server, you can now save some wasted communication (IXFR request / Don’t understand response) between the two servers.

New DHCP option to automatically update DNS (or not)
Since version 1.04 Simple DNS Plus has included a DHCP server which when enabled automatically created DNS records for all DHCP client computers.
Several users have described scenarios where this automatic updating may not be desirable - for example when multiple computers on the same network should be allowed to have the same computer name.
So now there is an option to turn this on and off in the Options dialog, DHCP tab.

Miscellaneous
Additionally this release also includes a number of minor adjustments and updates including:
- HTTP command "zonelist" extended with a new "listtype" field accepting either "simple", "primary", "secondary", or "extended" for different list types.
- New option to turn on/off tray bar icon (was permanently on).
- New right-click option in Active Log View to clear the window.
- New sdnsplus.ini file option "HostsReverse" to enable/disable automatic creation of reverse records from hosts file.
- Updated WHOIS server list for lookup tool.
- New root server file.
- Many other details have been further optimized or improved...

Version 3.20

Automate secondary DNS servers
New "Slave Servers" and "Master Servers" options completely automate adding and deleting zones on secondary servers.
This works on local networks as well as across the Internet.
Replaces the "Copy zone files from" option.
(See Options dialog - Zone Transfers tab)

HTTP administration / programming interface
Create a web interface to your DNS server for yourself or your customers.
This is not intended as a direct web interface, but is ideal for communicating with Simple DNS Plus from other applications across the network (for example ASP scripts running on IIS).

Incremental Zone Transfers
A history of individual record updates (DHCP, dynamic update, HTTP updates) is recorded, so secondary DNS servers don't need to zone transfer the entire zone each time there is a change.
This saves both CPU cycles and bandwidth.

Support for new "A6" and "DNAME" record types
"A6" is a new record type for IPv6 addresses which replaces or supplements the AAAA record type.
"DNAME" records let you rename entire sub-name-spaces (advanced CNAME record).

Active Log Snapshot
Is the Active Log View scrolling by too fast?
Hit F9 for an instant snapshot.
Also allows you to copy/paste text from the Active Log.

Maximum cache size option
You can use this to limit the amount of memory Simple DNS Plus will use for caching.

Option to only log errors and warnings
Makes it easier to spot any problems.

Option to restrict zone transfers for all zones
Zone Transfer restrictions can be specified per zone, and now for all zones.

Many new advanced configuration options

Version 3.01

New "Data directory" and "Log file directory" options
You can now specify exactly where data (boot and zone files) and logs should be kept on your system.
Just like with other log files, system performance can be enhanced by writing log files to a different physical disk drive (other than where the operating system is installed).

New "Load primary zones on demand only" option
Enabling this option will delay loading of primary zones until the first related request is received.
In setups with many zones (+500), this can greatly improve the server startup time.
Inactive zones will never be loaded, which in some situations may improve memory consumption.

New "Lines in Active Log View" option
The maximum number of log lines displayed in the Active Log View.
Temporarily increasing the number of lines (history) displayed can be a great help in troubleshooting various DNS problems.

Version 3.00

Import Wizard
This function makes it very simple to import zones from other DNS server implementations.
This includes zone transfer, import zone file, and import set of zone files based on a boot file.

"New Zone" Wizard
A simple wizard now guides you through the process of creating a zone.
This includes primary, secondary, reverse, copy a zone, and alias (file sharing).

Zone File Sharing
Simple DNS Plus now uses a standard 'Boot' file, which also means that two or more zones can share the same file.
This makes it very easy to manage a large number of zones with the same data.

New "Auto Scan" function in "Reverse Zone Wizard"
This function scans all "forward zones" to create the records in a reverse zone.

Faster record editor
New right-click pop-up menus make adding and modifying records much faster.

DHCP Reservations
IP addresses can now be reserved for specific computers based on name or MAC/hardware address.

LookUp Tool enhancements
The lookup tool now provides even more detail, and it now remembers previous lookups and servers between uses.

New 'Maximum cache time' option
You can now control the maximum cache time, or even disable caching by setting this option to zero.

Support for 12 additional record types
These are all less commonly used / experimental record types:
HINFO, MB, MG, MINFO, MR, AFSDB, ISDN, RP, RT, X25, NSAP, and ATMA

Faster cache reload
When closing the program, the cache is automatically written to disk (if the 'reload cache...' option is on).
This disk file is now a direct binary dump (was ASCII formatted), making both the dump and reload much faster.

Command line options
To make it easier to integrate Simple DNS Plus through batch files etc., the following command line options have been implemented:

sdnsplus -r

Reloads all zones.

sdnsplus -r zone-name zone-file

Loads/reloads a specific zone.

sdnsplus -u zone-name

Unloads a specific zone.

sdnsplus -c

Clears the cache.

Automatic Root file update
The "Get latest Internet root file" function has been removed from the Tools menu.
This process is now completely automated.

FASTER
Further optimization has resulted in almost 100% performance gain compared to earlier releases. Memory usage is also significantly lower when large numbers of records are cached.
